felixfoertsch/remind
1
0
Fork 0
mirror of https://salsa.debian.org/dskoll/remind.git synced 2026-04-16 06:18:47 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add "-+username" option to trust "username" for the purpose of allowing RUN.

Browse Source
This commit is contained in:
Dianne Skoll
2021-10-05 12:04:44 -04:00
parent 20db1be0a0
commit 0a1d0011f6
7 changed files with 79 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
configure vendored
View File

@@ -3820,7 +3820,7 @@ _ACEOF
for ac_header in sys/file.h glob.h wctype.h locale.h
for ac_header in sys/types.h sys/file.h glob.h wctype.h locale.h
do :
as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"

2
configure.in
View File

@@ -61,7 +61,7 @@ AC_CHECK_SIZEOF(unsigned int)
AC_CHECK_SIZEOF(unsigned long)
dnl Checks for header files.
AC_CHECK_HEADERS(sys/file.h glob.h wctype.h locale.h)
AC_CHECK_HEADERS(sys/types.h sys/file.h glob.h wctype.h locale.h)
dnl Checks for typedefs, structures, and compiler characteristics.
AC_STRUCT_TM

12
man/remind.1
View File

@@ -318,6 +318,13 @@ case, it only changes the environment variables as described above.
It does not change the effective uid or gid.
.RE
.TP
\fB\-+\fIusername\fR
Causes \fBRemind\fR to trust files owned by the user \fIusername\fR.
Normally, if \fBRemind\fR reads a file that you do not own, it disables
RUN and the shell() function. This option causes it to also trust files
owned by \fIusername\fR. You can supply multiple \fB\-+\fR options
to trust multiple users, up to a limit of 20 trusted users.
.TP
\fB-y\fR
Causes \fBRemind\fR to synthesize a tag for any reminder that lacks a
TAG clause.
@@ -1580,6 +1587,11 @@ features. It will not read a file that is group- or world-writable.
It will not run set-uid. If it reads a file you don't own, it will
disable RUN and the shell() function. And if it is run as \fIroot\fR,
it will only read files owned by \fIroot\fR.
.PP
Note that if \fBRemind\fR reads standard input, it does \fInot\fR
attempt to check the ownership of standard input, even if it is
coming from a file, and hence does \fInot\fR disable RUN and shell()
in this situation.
.SH THE INCLUDECMD COMMAND
.PP

3
src/config.h.in
View File

@@ -10,6 +10,9 @@
/* Define if you have the <sys/file.h> header file. */
#undef HAVE_SYS_FILE_H
/* Define if you have the <sys/types.h> header file. */
#undef HAVE_SYS_TYPES_H
/* Define if you have the <glob.h> header file */
#undef HAVE_GLOB_H

22
src/files.c
View File

@@ -1039,7 +1039,8 @@ int TopLevel(void)
/* root, we refuse to open files not owned by root. */
/* We also reject world-writable files, no matter */
/* who we're running as. */
/* As a side effect, if we don't own the file, we disable RUN */
/* As a side effect, if we don't own the file, or it's not */
/* owned by a trusted user, we disable RUN */
/***************************************************************/
static int CheckSafety(void)
{
@@ -1077,11 +1078,22 @@ static int CheckSafety(void)
return 0;
}
/* If file is not owned by me, disable RUN command */
if (statbuf.st_uid != geteuid()) {
RunDisabled |= RUN_NOTOWNER;
} else {
/* If file is not owned by me or a trusted user, disable RUN command */
/* Assume unsafe */
RunDisabled |= RUN_NOTOWNER;
if (statbuf.st_uid == geteuid()) {
/* Owned by me... safe */
RunDisabled &= ~RUN_NOTOWNER;
} else {
int i;
for (i=0; i<NumTrustedUsers; i++) {
if (statbuf.st_uid == TrustedUsers[i]) {
/* Owned by a trusted user... safe */
RunDisabled &= ~RUN_NOTOWNER;
break;
}
}
}
return 1;

9
src/globals.h
View File

@@ -21,6 +21,12 @@
#define INIT(var, val) var
#endif
#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#define MAX_TRUSTED_USERS 20
#define MINUTES_PER_DAY 1440
#define DaysInYear(y) (((y) % 4) ? 365 : ((!((y) % 100) && ((y) % 400)) ? 365 : 366 ))
@@ -36,6 +42,9 @@ EXTERN int CurMon;
EXTERN int CurYear;
EXTERN int LineNo;
EXTERN int FreshLine;
EXTERN uid_t TrustedUsers[MAX_TRUSTED_USERS];
EXTERN INIT( int NumTrustedUsers, 0);
EXTERN INIT( char const *MsgCommand, NULL);
EXTERN INIT( int ShowAllErrors, 0);
EXTERN INIT( int DebugFlag, 0);

48
src/init.c
View File

@@ -89,6 +89,7 @@ static void ChgUser(char const *u);
static void InitializeVar(char const *str);
static char const *BadDate = "Illegal date on command line\n";
static void AddTrustedUser(char const *username);
static DynamicBuffer default_filename_buf;
@@ -114,7 +115,7 @@ static char const *DefaultFilename(void)
s = getenv("HOME");
if (!s) {
fprintf(stderr, "HOME environment variable not set. Unable to determine reminder file.\n");
exit(1);
exit(EXIT_FAILURE);
}
DBufPuts(&default_filename_buf, s);
DBufPuts(&default_filename_buf, "/.reminders");
@@ -172,7 +173,7 @@ void InitRemind(int argc, char const *argv[])
if (getgid() != getegid() ||
getuid() != geteuid()) {
fprintf(ErrFp, "\nRemind should not be installed set-uid or set-gid.\nCHECK YOUR SYSTEM SECURITY.\n");
exit(1);
exit(EXIT_FAILURE);
}
y = NO_YR;
@@ -183,7 +184,7 @@ void InitRemind(int argc, char const *argv[])
RealToday = SystemDate(&CurYear, &CurMon, &CurDay);
if (RealToday < 0) {
fprintf(ErrFp, ErrMsg[M_BAD_SYS_DATE], BASE);
exit(1);
exit(EXIT_FAILURE);
}
JulianToday = RealToday;
FromJulian(JulianToday, &CurYear, &CurMon, &CurDay);
@@ -217,6 +218,10 @@ void InitRemind(int argc, char const *argv[])
}
while (*arg) {
switch(*arg++) {
case '+':
AddTrustedUser(arg);
while(*arg) arg++;
break;
case '@':
UseVTColors = 1;
@@ -535,7 +540,7 @@ void InitRemind(int argc, char const *argv[])
if (!InvokedAsRem) {
if (i >= argc) {
Usage();
exit(1);
exit(EXIT_FAILURE);
}
InitialFile = argv[i++];
} else {
@@ -682,7 +687,7 @@ void Usage(void)
fprintf(ErrFp, " -m Start calendar with Monday rather than Sunday\n");
fprintf(ErrFp, " -y Synthesize tags for tagless reminders\n");
fprintf(ErrFp, " -j[n] Run in 'purge' mode. [n = INCLUDE depth]\n");
exit(1);
exit(EXIT_FAILURE);
}
#endif /* L_USAGE_OVERRIDE */
/***************************************************************/
@@ -711,23 +716,23 @@ static void ChgUser(char const *user)
if (!pwent) {
fprintf(ErrFp, ErrMsg[M_BAD_USER], user);
exit(1);
exit(EXIT_FAILURE);
}
if (!myuid && setgid(pwent->pw_gid)) {
fprintf(ErrFp, ErrMsg[M_NO_CHG_GID], pwent->pw_gid);
exit(1);
exit(EXIT_FAILURE);
}
if (!myuid && setuid(pwent->pw_uid)) {
fprintf(ErrFp, ErrMsg[M_NO_CHG_UID], pwent->pw_uid);
exit(1);
exit(EXIT_FAILURE);
}
home = malloc(strlen(pwent->pw_dir) + 6);
if (!home) {
fprintf(ErrFp, "%s", ErrMsg[M_NOMEM_ENV]);
exit(1);
exit(EXIT_FAILURE);
}
sprintf(home, "HOME=%s", pwent->pw_dir);
putenv(home);
@@ -735,7 +740,7 @@ static void ChgUser(char const *user)
shell = malloc(strlen(pwent->pw_shell) + 7);
if (!shell) {
fprintf(ErrFp, "%s", ErrMsg[M_NOMEM_ENV]);
exit(1);
exit(EXIT_FAILURE);
}
sprintf(shell, "SHELL=%s", pwent->pw_shell);
putenv(shell);
@@ -744,14 +749,14 @@ static void ChgUser(char const *user)
username = malloc(strlen(pwent->pw_name) + 6);
if (!username) {
fprintf(ErrFp, "%s", ErrMsg[M_NOMEM_ENV]);
exit(1);
exit(EXIT_FAILURE);
}
sprintf(username, "USER=%s", pwent->pw_name);
putenv(username);
logname= malloc(strlen(pwent->pw_name) + 9);
if (!logname) {
fprintf(ErrFp, "%s", ErrMsg[M_NOMEM_ENV]);
exit(1);
exit(EXIT_FAILURE);
}
sprintf(logname, "LOGNAME=%s", pwent->pw_name);
putenv(logname);
@@ -838,6 +843,25 @@ static void InitializeVar(char const *str)
return;
}
static void
AddTrustedUser(char const *username)
{
struct passwd *pwent;
if (NumTrustedUsers >= MAX_TRUSTED_USERS) {
fprintf(stderr, "Too many trusted users (%d max)\n",
MAX_TRUSTED_USERS);
exit(EXIT_FAILURE);
}
pwent = getpwnam(username);
if (!pwent) {
fprintf(ErrFp, ErrMsg[M_BAD_USER], username);
exit(EXIT_FAILURE);
}
TrustedUsers[NumTrustedUsers] = pwent->pw_uid;
NumTrustedUsers++;
}
#if defined(__APPLE__) || defined(__CYGWIN__)
static char const pmsg1[] = {
0x4c, 0x62, 0x68, 0x20, 0x6e, 0x63, 0x63, 0x72, 0x6e, 0x65, 0x20,